'Louvre' for password? Decade-old blunder haunts French museum after heist

After the October 19 heist, the Louvre's security failures have come to light, exposing weak passwords, old systems and years of ignored warnings

Don't want to miss the best from Business Standard?

The Louvre Museum, one of the world’s most visited and famous museums, faced a shocking theft on October 19. Thieves managed to steal priceless royal jewels in broad daylight, raising serious questions about the museum’s security. Following the heist, investigations revealed that the Louvre had been struggling with serious cybersecurity and maintenance issues for over a decade, many of which had been repeatedly flagged but never fully fixed, French daily Liberation reported.

 

Early warnings: 'Louvre' as a password

 

The first major warning came in December 2014, when France’s National Agency for the Security of Information Systems (Anssi) conducted an audit of the museum’s IT systems. The audit tested the security network connecting the museum’s critical systems, including alarms, video surveillance and access controls.

 

According to Anssi’s 26-page confidential report, experts were able to infiltrate the network using weak passwords and outdated systems. They discovered that typing “LOUVRE” could grant access to a video surveillance server, while “THALES” opened another software developed by the Thales Group.

 

The agency warned that “the applications and systems deployed on the security network present numerous vulnerabilities”, adding that hackers could remotely access internal systems and alter badge access or video feeds.

 

Anssi advised the museum to strengthen its passwords, and upgrade systems like Windows 2000. However, the Louvre has never publicly confirmed how many of these recommendations were implemented, the news report said.   

 

Problems highlighted in 2017

 

By 2017, another audit, this time by the National Institute for Advanced Studies in Security and Justice, found that many of the same issues persisted. The report warned that “serious deficiencies were observed in the overall system”, and that the museum could “no longer ignore the potential risk of a breach".

 

The 40-page report highlighted several key issues, including untrained staff, malfunctioning security equipment, outdated video surveillance and “accessible” rooftops during renovation work. It also stated that “some computers run obsolete operating systems (Windows 2000 and Windows XP)” without antivirus protection or password policies. Despite these warnings, there is no clear record of what steps were taken, the news report said.

 

Aging systems, software beyond repair

 

Recent documents suggest that by 2019, several key security systems were beyond repair. Procurement records reviewed between 2019 and 2025 show that the Louvre was still relying on old software to run its video surveillance, intrusion detection and access control systems -- many dating back to the early 2000s.

 

One such programme, Sathi, developed by Thales in 2003, was used to manage analog video protection and access control. A 2019 document said that “this system is no longer being developed by Thales”. By 2025, Sathi was officially classified as “software that cannot be updated", still running on Windows Server 2003, an operating system unsupported since 2015.

 

A 2025 audit by the Paris Police Prefecture confirmed that the Louvre’s IT systems “truly needed modernisation”.   

 

The 2025 Louvre heist

 

On October 19, burglars carried out a daylight robbery at the Louvre. At 9:30 am, just half an hour after opening, the thieves used a truck-mounted ladder to reach a second-floor balcony. They broke a window with grinders, triggering alarms and entered the Apollo Gallery, home to the museum’s crown jewels. Visitors were quickly evacuated as police arrived, but the robbers had already escaped with priceless items.

 

Interior Minister Laurent Nunez had said the heist lasted only seven minutes. Nine pieces of royal jewelry from the Napoleonic era were stolen, including items from Queen Marie-Amelie, Queen Hortense and Empress Marie-Louise. The tiara of Empress Eugenie, encrusted with 2,000 diamonds and 200 pearls, was among the stolen artifacts, though the crown was later recovered near the site.

 

French President Emmanuel Macron condemned the theft as “an attack on a heritage that we cherish because it is our history".

 

The Louvre’s recent burglary has brought years of ignored warnings to light. From weak passwords to outdated systems and neglected upgrades, the museum’s IT and physical security infrastructure now face urgent scrutiny, the news report said.